Fortinet Discovers Joomla! Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in Joomla! CMS.
Joomla! is one of the world's most popular content management system (CMS). It enables users to build Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla! and it accounts for more than 9 percent of CMS market share.
A XSS vulnerability has been discovered in Joomla! 3.8.7 and earlier versions. It is caused by inadequate input filtering of line feed character which leads to XSS vulnerabilities in various components.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 27, 2018
Users should apply the solution provided by Joomla!.
Fortinet reported the vulnerability to Joomla! on March 26, 2018.
Joomla! confirmed the vulnerability on March 27, 2018.
Joomla! patched the vulnerability on May 22, 2018.
This vulnerability was discovered by Zhouyuan Yang of Fortinet's FortiGuard Labs.